**Global:** As cyber-attacks rise, experts advocate for a holistic resilience-by-design strategy that integrates security into business architecture, culture, and leadership, promising stronger protection, rapid recovery, and competitive advantage amid evolving threats.
As cyber-attacks become an unavoidable challenge for organisations worldwide, experts emphasise the need to transform traditional, fragmented security measures into a holistic culture of resilience by design. This approach goes beyond reactive tactics to embed resilience into the very fabric of business operations and IT infrastructure.
Security and risk management (SRM) professionals increasingly accept that a cyber-attack is less a question of if than of when. The World Economic Forum’s Global Risks Report 2024 ranks cyber insecurity fourth among global risks over the next two years, up from eighth place in the previous year’s report. This shift calls for a strategic pivot from conventional IT-centred incident response towards comprehensive organisational resilience.
Marc Lueck, Chief Information Security Officer (CISO) in Residence at the cloud-based cyber-security platform Zscaler, stresses the importance of viewing resilience as a holistic, philosophical challenge rather than merely a set of technical controls. “Resilience is all about looking at the challenge holistically,” Lueck said. “It requires looking at this as a philosophical challenge, rather than a technical one, so businesses can ensure they’re prepared and can respond quickly to any attack. We need to move away from the old-school thinking of controls as isolated measures that are applied to a business and look at how to achieve overall resilience.”
Research from Gartner reveals a gap in understanding among SRM professionals regarding how resilience can reinforce security programmes. Many continue to rely on outdated, piecemeal approaches focused on individual operational fixes instead of integrating resilience into an enterprise-wide strategy.
The concept of “resilient by design” is being promoted as the optimal way forward. This approach entails designing business architectures and IT infrastructures that prevent attacks where possible and limit the impact of those that succeed, while fostering resilient corporate cultures and teams – led by IT – prepared to withstand incidents and recover from them.
Lueck explained, “The ability to prevent an attack, withstand an attack as it’s going on and recover from an attack after it’s happened is not something that can be done by one group or one technology in one area of the business. Businesses need to look holistically across their organisation and ensure they have this deep ability to prevent, withstand and recover from these attacks.”
Importantly, resilience should be factored into business decision-making processes from the outset, notably during business capability building and expansion efforts. Doing so can enhance agility, as adjustments to architecture intended to reduce risk may simultaneously speed operational processes. Lueck commented, “It’s about thinking about the challenge before you enact business changes.”
He illustrated this with an analogy to preparing for a storm: using forecasts to anticipate it (threat intelligence), deploying protective tools (defensive controls and secure connectivity), reinforcing structures to limit damage (a robust IT architecture) and ensuring recovery services (incident response and recovery systems) are in place. Regular testing through tabletop exercises, in which teams walk through a simulated incident step by step, exposes gaps in these plans before a real crisis, so businesses can anticipate and plan for the disruptions an attack would cause.
Responsibility for resilience extends beyond SRM professionals to the organisation’s leadership. “We need board members making the case for resilience, and that’s why resilience is such a handy title, because it’s not mired in the jargon of cyber-security,” noted Lueck. This inclusive perspective on resilience can also be applied to other significant risks such as the operational impacts of global conflicts. Moreover, it can enhance the personal resilience of business leaders, improving their leadership capabilities.
Adopting a resilience-by-design approach offers organisations not only improved security but also considerable competitive advantages. Gartner’s findings indicate that businesses embracing resilience principles develop stronger, more adaptable cyber-security frameworks and maintain clear plans for responding effectively when incidents occur.
“Attacks are becoming more common and if we’re all going to experience this in some form, resilience can be the competitive advantage to get your business going quicker, with more profit or just to keep your business going at all,” said Lueck. “Investing in resilience can not only protect a business but ensure that it is successful. That is a first for security, and it’s only in this past couple of years it has become the enabler we always dreamed it might.”
In summary, as cyber-risks escalate in both frequency and impact, organisations are urged to move beyond piecemeal defensive measures towards embedding resilience at every level – from architecture and technology to culture and leadership. This shift holds the potential not only for enhanced protection but also for improved business sustainability and competitive strength.
Source: Noah Wire Services